OS Access Control Mauricio Sifontes.


1 OS Access Control Mauricio Sifontes

2 Introduction
Access control is a job performed by the operating system, in collaboration with the hardware, that deals with granting different users different permissions to own, read and write files or other resources.
It is an integral part of the security of the system.

3 Concepts
Roles: Owner, Custodian, End User
Actions: Identification, Authentication, Authorization, Access

4 Lampson’s Access Matrix
A two-dimensional matrix with the objects in one dimension and the subjects in the other.
It defines the different access rights that the subjects have on the objects.
Subjects can be, for example, processes, users, groups, etc.
Objects can be, for example, processes, files, resources, etc.
Access rights can be, for example, own, read, write, execute, etc.

5 Access Control Lists
Set of permissions attached to an object (column of Lampson’s matrix).
The system has to check the list when a subject wants to use the resource.
In Windows, an ACL table contains:
SID: ID used to identify a user, group or session in all interactions
Access Mask: value that determines what rights are allowed or denied
Type Flag: indicates the type of the object, which determines what operations can be performed on it
Inheritance Flags: determine the inheritance property of the object

6 Capability Tickets
Authorized objects and operations for every user (row of Lampson’s matrix).
Capability tickets present a greater security vulnerability because they might be dispersed through a system.
To overcome this, capability tickets should be managed by the OS and located in a part of memory inaccessible to users.
In networks, encryption can be used for data distribution, since only certain users should have access to the data.

7 Access Control Models
Access control models are frameworks that the custodian can use to give different types of access to different subjects.
The access control model is embedded in both the software and the hardware.
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role Based Access Control (RBAC)
Rule Based Access Control (RBAC)

8 Discretionary Access Control (DAC)
Developed by Lampson, Graham and Denning.
Least restrictive model.
Every object has an owner with full control over it.
The owner can give different access types to other users.
Used in most Windows and Unix systems.
Weaknesses:
The end user is responsible for setting the proper level of security.
Subject permissions are inherited by programs that the user executes.
Step 1: Subject a requests object alpha in a certain operation.
Step 2: A message is created with these 3 variables.
Step 3: The matrix is interrogated and access is granted or denied. If denied, a warning is triggered.

9 Discretionary Access Control (DAC)
Protection State: the set of information, at any given point, that specifies the access rights of each subject with respect to the objects.
Rules for modifying the access matrix:
Entries in the matrix are treated as objects themselves.
The owner and control properties must be specified in the access control matrix.
A table of rules must be determined for transferring access capabilities.
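The matrix, its column (ACL) and row (capability) views, and the three-step DAC check from the slides above can be put together in a few lines. This is an added example, not part of the original presentation; the subject and object names are constructed, and the rule that only a holder of "own" may grant rights is an assumption based on the "owner can give access to other users" point, since the rule table of slide 10 is not in the transcript.

```python
# Added example: a toy Lampson access matrix (not from the slides).
# Subject and object names below are constructed sample data.

class AccessMatrix:
    def __init__(self):
        self.cells = {}    # (subject, object) -> set of rights
        self.denied = []   # denied requests, kept as the "warning" of step 3

    def create(self, owner, obj):
        # DAC: the creating subject becomes owner with full control.
        self.cells[(owner, obj)] = {"own", "read", "write", "execute"}

    def acl(self, obj):
        # Column of the matrix: every subject's rights on one object.
        return {s: r for (s, o), r in self.cells.items() if o == obj}

    def capabilities(self, subject):
        # Row of the matrix: every object one subject may use.
        return {o: r for (s, o), r in self.cells.items() if s == subject}

    def request(self, subject, obj, op):
        # Steps 1-3: form the (subject, object, operation) message,
        # interrogate the matrix, grant or deny; record a warning on denial.
        allowed = op in self.cells.get((subject, obj), set())
        if not allowed:
            self.denied.append((subject, obj, op))
        return allowed

    def grant(self, granter, subject, obj, right):
        # Assumed rule: changing a cell is itself access-controlled, and
        # only a subject holding "own" on the object may hand out rights.
        if not self.request(granter, obj, "own"):
            return False
        self.cells.setdefault((subject, obj), set()).add(right)
        return True


def demo():
    m = AccessMatrix()
    m.create("alice", "payroll.txt")
    m.create("bob", "notes.txt")
    before = m.request("bob", "payroll.txt", "read")        # no entry yet
    stolen = m.grant("bob", "bob", "payroll.txt", "read")   # bob is not owner
    given = m.grant("alice", "bob", "payroll.txt", "read")  # owner's discretion
    after = m.request("bob", "payroll.txt", "read")
    return before, stolen, given, after, m
```

The `denied` list is where a real system would feed its audit log: both bob's early read and his attempt to grant himself access end up there.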

10 Access Control Rules (DAC)

11 Mandatory Access Control (MAC)
Most restrictive model.
Only the custodian is capable of assigning access levels.
Model based on “labels”, i.e. confidential, secret, top secret, etc.
Also based on “levels”.
Commonly used in military applications.
Lattice Model (multiple lattices)
Bell-LaPadula Model (restricts creation of objects)

12 Role Based Access Control (RBAC)
More relevant to real-world applications.
Permissions are assigned depending on the user’s role in the system.
A type of user is created with specific permissions, and then users are assigned a type.

13 Rule Based Access Control (RBAC)
Also referred to as Rule Based Role Based Access Control (RB-RBAC).
Can dynamically assign roles to users based on a set of rules determined by the custodian.
Each object has access properties.
The system has to check on a case-by-case basis.
Used to manage user access to one or more systems.

14 Thank You

